An attacker can convert a single successful social engineering call into a valid session, then extend that access through new device enrolment or federation artefacts. That breaks the assumption that MFA remains a hard gate, because the gate has already been moved into a less protected operational process.
#1 Authority in NHI Education, Research and Advisory, empowering organizations to tackle the critical risks posed by Non-Human Identities (NHIs), including AI Agents.